Analysis
- max time kernel: 40s
- max time network: 140s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 05-07-2022 13:51
Static task: static1
Behavioral task: behavioral1
- Sample: 1585cc8a5c403cc01450df1340d37960.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 1585cc8a5c403cc01450df1340d37960.exe
- Resource: win10v2004-20220414-en
General
- Target: 1585cc8a5c403cc01450df1340d37960.exe
- Size: 9KB
- MD5: 1585cc8a5c403cc01450df1340d37960
- SHA1: dff56cae33d50951b069e6975763efe76612856e
- SHA256: 7813f5cf2dec934b3bee4f6317f80e11e015e0598fb73c6cf3d3b666e7b540dd
- SHA512: 57ff449893904d194854dacee51af0c9a0b8758980876a23c53f33bccf7518723efcf6f98cb52c6c41e4e920a60a30b2d7f75404cefc36d34066de42176ae027
Malware Config
Signatures
- Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.
- suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)
Processes
Network
MITRE ATT&CK Matrix
Downloads